Why is my custom PermissionEvaluator not working?

后端 未结 1 698
一向
一向 2021-02-06 14:16

I can’t understand why my security doesn’t work properly. Method hasPermission() in Evaluator class not even called. I think there is something wrong with my security config.

相关标签:
1条回答
  • 2021-02-06 15:16

    This is likely due to the fact that the <global-method-security> tag needs to be in the same context as your Spring MVC configuration otherwise your controllers will not be post processed. This is discussed in the FAQ.

    So for example, if your web.xml looks like the following:

    <!--
      - Location of the XML file that defines the root application context
      - Applied by ContextLoaderListener.
      -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/*.xml
        </param-value>
    </context-param>
    
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    
    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <!--
      - Loads the root application context of this web app at startup.
      - The application context is then available via
      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
    -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/mvc/*.xml</param-value>
        </init-param>
    </servlet>
    

    To support method security on your controllers ensure the <global-method-security> tag is defined in a location within /WEB-INF/mvc/*.xml. Note that the remainder of the configuration should remain where it is. If you want to support method security on your services, you likely also need <global-method-security> in the parent (i.e. where it likely is now).

    If this does not help, please post your web.xml or WebApplicationInitializer's if you are not using web.xml

    0 讨论(0)
提交回复
热议问题